89763 matches found
CVE-2026-40174
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...
CVE-2026-40174 Masa CMS CSRF in user address management allows unauthorized address changes
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...
CVE-2026-40174 Masa CMS CSRF in user address management allows unauthorized address changes
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...
EUVD-2026-28154
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...
EUVD-2026-27848
A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by...
NPM: dssrf: every IPv6 category bypasses is_url_safe
NPM: dssrf: every IPv6 category bypasses isurlsafe vulnerability discovered by ? in WordPress Npm dssrf versions 1.3.0...
Incomplete Filtering of Special Elements
Overview dssrf is a SSRF defense library for Node.js with safe URL validation utilities. Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements via the isurlsafe function. An attacker can access internal network resources by supplying specially crafted IPv6...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /v1/chat/completions, /v1/responses or /v1/messages endpoints. An attacker can cause the server to make unauthorized HTTP requests to internal resources, potentially exfiltrating sensitive conten...
CVE-2026-20035 Cisco Unity Connection Server-Side Request Forgery Vulnerability
A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by...
CVE-2026-20035
A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by...
CVE-2026-20035
Cisco Unity Connection Web Inbox SSRF: unauthenticated attacker can cause the affected device to issue arbitrary network requests via crafted HTTP requests due to improper input validation. Affected component is the web UI; CVSS 3.1 base score 7.2 (NETWORK, HIGH). Exploitation status and remediat...
CVE-2026-20035 Cisco Unity Connection Server-Side Request Forgery Vulnerability
A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by...
Cisco Unity Connection Remote Code Execution and Server-Side Request Forgery Vulnerabilities
Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to execute arbitrary code on or conduct server-side request forgery SSRF attacks through an affected device. For more information about these vulnerabilities, see the Details "details" section of this advisory. Cisco...
EUVD-2025-209687
HHCL BigFix Service Management SM is affected by a Cross‑Site Request Forgery CSRF vulnerability. This could lead to unauthorized changes or exposure of sensitive data...
CVE-2025-31957
HHCL BigFix Service Management SM is affected by a Cross‑Site Request Forgery CSRF vulnerability. This could lead to unauthorized changes or exposure of sensitive data...
CVE-2025-31957 HCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability.
HHCL BigFix Service Management SM is affected by a Cross‑Site Request Forgery CSRF vulnerability. This could lead to unauthorized changes or exposure of sensitive data...
CVE-2025-31957
Technical details for CVE-2025-31957 are not publicly available in the provided documents. The records reiterate a CSRF vulnerability in HHCL BigFix Service Management but do not specify affected versions, impact specifics, or remediation steps. Monitor for updates.
CVE-2025-31957
HHCL BigFix Service Management SM is affected by a Cross‑Site Request Forgery CSRF vulnerability. This could lead to unauthorized changes or exposure of sensitive data...
CVE-2025-31957 HCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability.
HHCL BigFix Service Management SM is affected by a Cross‑Site Request Forgery CSRF vulnerability. This could lead to unauthorized changes or exposure of sensitive data...
WordPress PixelYourSite Pro – Your smart PIXEL (TAG) Manager plugin <= 12.5.0.1 - Unauthenticated Blind Server-Side Request Forgery vulnerability
Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin PixelYourSite PRO versions = 12.5.0.1...